[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000000000000997dff0603e58a02@google.com>
Date: Sun, 27 Aug 2023 04:04:27 -0700
From: syzbot <syzbot+f25c61df1ec3d235d52f@...kaller.appspotmail.com>
To: hdanton@...a.com, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
T1] RPL Segment Routing with IPv6
[ 22.153462][ T1] In-situ OAM (IOAM) with IPv6
[ 22.158633][ T1] mip6: Mobile IPv6
[ 22.167745][ T1] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[ 22.185212][ T1] ip6_gre: GRE over IPv6 tunneling driver
[ 22.197237][ T1] NET: Registered PF_PACKET protocol family
[ 22.203406][ T1] NET: Registered PF_KEY protocol family
[ 22.209481][ T1] Bridge firewalling registered
[ 22.214972][ T1] NET: Registered PF_X25 protocol family
[ 22.220716][ T1] X25: Linux Version 0.2
[ 22.301783][ T1] NET: Registered PF_NETROM protocol family
[ 22.389320][ T1] NET: Registered PF_ROSE protocol family
[ 22.395297][ T1] NET: Registered PF_AX25 protocol family
[ 22.401145][ T1] can: controller area network core
[ 22.407441][ T1] NET: Registered PF_CAN protocol family
[ 22.413109][ T1] can: raw protocol
[ 22.417186][ T1] can: broadcast manager protocol
[ 22.422248][ T1] can: netlink gateway - max_hops=1
[ 22.427654][ T1] can: SAE J1939
[ 22.431196][ T1] can: isotp protocol (max_pdu_size 8300)
[ 22.437369][ T1] Bluetooth: RFCOMM TTY layer initialized
[ 22.443097][ T1] Bluetooth: RFCOMM socket layer initialized
[ 22.449713][ T1] Bluetooth: RFCOMM ver 1.11
[ 22.454468][ T1] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 22.460598][ T1] Bluetooth: BNEP filters: protocol multicast
[ 22.467157][ T1] Bluetooth: BNEP socket layer initialized
[ 22.472946][ T1] Bluetooth: CMTP (CAPI Emulation) ver 1.0
[ 22.478826][ T1] Bluetooth: CMTP socket layer initialized
[ 22.484665][ T1] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 22.491508][ T1] Bluetooth: HIDP socket layer initialized
[ 22.502104][ T1] NET: Registered PF_RXRPC protocol family
[ 22.508020][ T1] Key type rxrpc registered
[ 22.512934][ T1] Key type rxrpc_s registered
[ 22.519379][ T1] NET: Registered PF_KCM protocol family
[ 22.526198][ T1] lec:lane_module_init: lec.c: initialized
[ 22.532235][ T1] mpoa:atm_mpoa_init: mpc.c: initialized
[ 22.538764][ T1] l2tp_core: L2TP core driver, V2.0
[ 22.544063][ T1] l2tp_ppp: PPPoL2TP kernel driver, V2.0
[ 22.549753][ T1] l2tp_ip: L2TP IP encapsulation support (L2TPv3)
[ 22.556606][ T1] l2tp_netlink: L2TP netlink interface
[ 22.562260][ T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
[ 22.569431][ T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
[ 22.577749][ T1] NET: Registered PF_PHONET protocol family
[ 22.584800][ T1] 8021q: 802.1Q VLAN Support v1.8
[ 22.608369][ T1] DCCP: Activated CCID 2 (TCP-like)
[ 22.614078][ T1] DCCP: Activated CCID 3 (TCP-Friendly Rate Control)
[ 22.621209][ T1] DCCP is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 22.632363][ T1] sctp: Hash tables configured (bind 32/56)
[ 22.641253][ T1] NET: Registered PF_RDS protocol family
[ 22.647757][ T1] Registered RDS/infiniband transport
[ 22.653720][ T1] Registered RDS/tcp transport
[ 22.658688][ T1] tipc: Activated (version 2.0.0)
[ 22.664367][ T1] NET: Registered PF_TIPC protocol family
[ 22.670831][ T1] tipc: Started in single node mode
[ 22.676860][ T1] NET: Registered PF_SMC protocol family
[ 22.682686][ T1] 9pnet: Installing 9P2000 support
[ 22.688768][ T1] NET: Registered PF_CAIF protocol family
[ 22.702700][ T1] NET: Registered PF_IEEE802154 protocol family
[ 22.710080][ T1] Key type dns_resolver registered
[ 22.715485][ T1] Key type ceph registered
[ 22.720499][ T1] libceph: loaded (mon/osd proto 15/24)
[ 22.728520][ T1] batman_adv: B.A.T.M.A.N. advanced 2023.3 (compatibility version 15) loaded
[ 22.737761][ T1] openvswitch: Open vSwitch switching datapath
[ 22.747749][ T1] NET: Registered PF_VSOCK protocol family
[ 22.753909][ T1] mpls_gso: MPLS GSO support
[ 22.767156][ T1] start plist test
[ 22.776649][ T1] end plist test
[ 22.789647][ T1] IPI shorthand broadcast: enabled
[ 22.795205][ T1] AVX2 version of gcm_enc/dec engaged.
[ 22.800844][ T1] AES CTR mode by8 optimization enabled
[ 24.946860][ T1] sched_clock: Marking stable (24900021811, 44080130)->(24947471898, -3369957)
[ 24.963256][ T1] registered taskstats version 1
[ 24.991977][ T1] Loading compiled-in X.509 certificates
[ 25.002988][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 6ff01a4b96c932563103f4d4fff2d5d5224413d4'
[ 25.018103][ T1] zswap: loaded using pool lzo/zbud
[ 25.254541][ T1] debug_vm_pgtable: [debug_vm_pgtable ]: Validating architecture page table helpers
[ 28.206068][ T1] Key type .fscrypt registered
[ 28.210844][ T1] Key type fscrypt-provisioning registered
[ 28.225620][ T1] kAFS: Red Hat AFS client v0.1 registering.
[ 28.251109][ T1] Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
[ 28.259400][ T1] Key type big_key registered
[ 28.266816][ T1] Key type encrypted registered
[ 28.271690][ T1] AppArmor: AppArmor sha1 policy hashing enabled
[ 28.278086][ T1] ima: No TPM chip found, activating TPM-bypass!
[ 28.284455][ T1] Loading compiled-in module X.509 certificates
[ 28.295355][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 6ff01a4b96c932563103f4d4fff2d5d5224413d4'
[ 28.306295][ T1] ima: Allocated hash algorithm: sha256
[ 28.311992][ T1] ima: No architecture policies found
[ 28.317903][ T1] evm: Initialising EVM extended attributes:
[ 28.323988][ T1] evm: security.selinux (disabled)
[ 28.329111][ T1] evm: security.SMACK64 (disabled)
[ 28.334298][ T1] evm: security.SMACK64EXEC (disabled)
[ 28.340638][ T1] evm: security.SMACK64TRANSMUTE (disabled)
[ 28.346557][ T1] evm: security.SMACK64MMAP (disabled)
[ 28.352203][ T1] evm: security.apparmor
[ 28.356464][ T1] evm: security.ima
[ 28.360293][ T1] evm: security.capability
[ 28.364715][ T1] evm: HMAC attrs: 0x1
[ 28.371158][ T1] PM: Magic number: 3:991:932
[ 28.379710][ T1] printk: console [netcon0] enabled
[ 28.384982][ T1] netconsole: network logging started
[ 28.390833][ T1] gtp: GTP module loaded (pdp ctx size 104 bytes)
[ 28.398542][ T1] rdma_rxe: loaded
[ 28.403224][ T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 28.415177][ T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 28.423103][ T54] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 28.432796][ T54] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 28.442788][ T1] clk: Disabling unused clocks
[ 28.448246][ T1] ALSA device list:
[ 28.452320][ T1] #0: Dummy 1
[ 28.456220][ T1] #1: Loopback 1
[ 28.459931][ T1] #2: Virtual MIDI Card 1
[ 28.466828][ T1] md: Waiting for all devices to be available before autodetect
[ 28.474753][ T1] md: If you don't use raid, use raid=noautodetect
[ 28.481592][ T1] md: Autodetecting RAID arrays.
[ 28.486591][ T1] md: autorun ...
[ 28.490209][ T1] md: ... autorun DONE.
[ 28.550861][ T1] EXT4-fs (sda1): mounted filesystem 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 ro with ordered data mode. Quota mode: none.
[ 28.563733][ T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[ 28.584466][ T1] devtmpfs: mounted
[ 28.752930][ T1] Freeing unused kernel image (initmem) memory: 3396K
[ 28.759784][ T1] Write protecting the kernel read-only data: 188416k
[ 28.769443][ T1] Freeing unused kernel image (rodata/data gap) memory: 700K
[ 28.896155][ T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 28.908769][ T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[ 28.918782][ T1] Run /sbin/init as init process
[ 28.923727][ T1] with arguments:
[ 28.927591][ T1] /sbin/init
[ 28.931132][ T1] with environment:
[ 28.935216][ T1] HOME=/
[ 28.938421][ T1] TERM=linux
[ 28.941948][ T1] spec_store_bypass_disable=prctl
[ 28.947789][ T1] BOOT_IMAGE=/boot/bzImage
[ 29.033669][ T1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 29.045504][ T1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 29.053923][ T1] CPU: 1 PID: 1 Comm: init Not tainted 6.5.0-rc7-next-20230822-syzkaller-dirty #0
[ 29.063122][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 29.073176][ T1] RIP: 0010:do_raw_spin_lock+0x6e/0x2b0
[ 29.078757][ T1] Code: 81 48 8d 54 05 00 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e3
[ 29.098364][ T1] RSP: 0000:ffffc90000067b28 EFLAGS: 00010247
[ 29.104512][ T1] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 29.112477][ T1] RDX: 0000000000000000 RSI: ffffffff8ae8fc60 RDI: 0000000000000004
[ 29.120616][ T1] RBP: 1ffff9200000cf66 R08: 0000000000000000 R09: fffffbfff1d9ba3a
[ 29.128598][ T1] R10: ffffffff8ecdd1d7 R11: ffffffff8a3cdc9d R12: 0000000000000000
[ 29.136743][ T1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000680000
[ 29.144714][ T1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 29.153649][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.160258][ T1] CR2: 00007ffc17ddb229 CR3: 0000000026fb0000 CR4: 00000000003506e0
[ 29.168335][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.176321][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.184297][ T1] Call Trace:
[ 29.187574][ T1] <TASK>
[ 29.190504][ T1] ? show_regs+0x8f/0xa0
[ 29.194762][ T1] ? die_addr+0x4f/0xd0
[ 29.198926][ T1] ? exc_general_protection+0x154/0x230
[ 29.204761][ T1] ? asm_exc_general_protection+0x26/0x30
[ 29.210679][ T1] ? syscall_exit_to_user_mode+0x1d/0x60
[ 29.216327][ T1] ? do_raw_spin_lock+0x6e/0x2b0
[ 29.221382][ T1] ? spin_bug+0x1d0/0x1d0
[ 29.225722][ T1] ? lock_release+0x4bf/0x680
[ 29.230413][ T1] ? dput+0x251/0xfd0
[ 29.234447][ T1] list_lru_add+0xce/0x540
[ 29.238877][ T1] ? dput+0x39/0xfd0
[ 29.243068][ T1] dput+0x87f/0xfd0
[ 29.246888][ T1] proc_kill_sb+0x6d/0x100
[ 29.251320][ T1] deactivate_locked_super+0x19c/0x2d0
[ 29.256793][ T1] deactivate_super+0xde/0x100
[ 29.261580][ T1] cleanup_mnt+0x222/0x3d0
[ 29.266442][ T1] mntput_no_expire+0x864/0xbc0
[ 29.271303][ T1] ? do_raw_spin_unlock+0x173/0x230
[ 29.276528][ T1] ? _raw_spin_unlock+0x28/0x40
[ 29.281394][ T1] ? mnt_get_count+0x1e0/0x1e0
[ 29.286165][ T1] ? _raw_spin_unlock+0x28/0x40
[ 29.291024][ T1] mntput+0x6b/0x90
[ 29.294874][ T1] __fput+0x560/0xa70
[ 29.298875][ T1] task_work_run+0x14d/0x240
[ 29.303486][ T1] ? task_work_cancel+0x30/0x30
[ 29.308359][ T1] ? kernel_execve+0x3f9/0x4e0
[ 29.313223][ T1] exit_to_user_mode_prepare+0x210/0x240
[ 29.318874][ T1] syscall_exit_to_user_mode+0x1d/0x60
[ 29.324339][ T1] ? rest_init+0x2b0/0x2b0
[ 29.328762][ T1] ret_from_fork_asm+0x11/0x20
[ 29.333545][ T1] </TASK>
[ 29.336557][ T1] Modules linked in:
[ 29.340653][ T1] ---[ end trace 0000000000000000 ]---
[ 29.346320][ T1] RIP: 0010:do_raw_spin_lock+0x6e/0x2b0
[ 29.351867][ T1] Code: 81 48 8d 54 05 00 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e3
[ 29.371529][ T1] RSP: 0000:ffffc90000067b28 EFLAGS: 00010247
[ 29.380525][ T1] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 29.388593][ T1] RDX: 0000000000000000 RSI: ffffffff8ae8fc60 RDI: 0000000000000004
[ 29.396657][ T1] RBP: 1ffff9200000cf66 R08: 0000000000000000 R09: fffffbfff1d9ba3a
[ 29.405013][ T1] R10: ffffffff8ecdd1d7 R11: ffffffff8a3cdc9d R12: 0000000000000000
[ 29.413142][ T1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000680000
[ 29.421293][ T1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 29.430837][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.437428][ T1] CR2: 00007ffc17ddb229 CR3: 0000000026fb0000 CR4: 00000000003506e0
[ 29.445508][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.453478][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.461546][ T1] Kernel panic - not syncing: Fatal exception
[ 29.467789][ T1] Kernel Offset: disabled
[ 29.472099][ T1] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build503812671=/tmp/go-build -gno-record-gcc-switches"
git status (err=<nil>)
HEAD detached at b81ca3f66
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230822-122036'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230822-122036'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230822-122036'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e\"
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=11f109eba80000
Tested on:
commit: 28c736b0 Add linux-next specific files for 20230822
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
kernel config: https://syzkaller.appspot.com/x/.config?x=20999f779fa96017
dashboard link: https://syzkaller.appspot.com/bug?extid=f25c61df1ec3d235d52f
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=159e79b0680000
Powered by blists - more mailing lists